01: /*
02: * JBoss, Home of Professional Open Source.
03: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
04: * as indicated by the @author tags. See the copyright.txt file in the
05: * distribution for a full listing of individual contributors.
06: *
07: * This is free software; you can redistribute it and/or modify it
08: * under the terms of the GNU Lesser General Public License as
09: * published by the Free Software Foundation; either version 2.1 of
10: * the License, or (at your option) any later version.
11: *
12: * This software is distributed in the hope that it will be useful,
13: * but WITHOUT ANY WARRANTY; without even the implied warranty of
14: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15: * Lesser General Public License for more details.
16: *
17: * You should have received a copy of the GNU Lesser General Public
18: * License along with this software; if not, write to the Free
19: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
21: */
22: package org.jboss.web.tomcat.security;
23:
24: import java.io.IOException;
25: import javax.servlet.ServletException;
26: import javax.servlet.http.HttpSession;
27:
28: import org.apache.catalina.connector.Request;
29: import org.apache.catalina.connector.Response;
30: import org.apache.catalina.valves.ValveBase;
31: import org.jboss.logging.Logger;
32:
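/**
 * A valve that associates the j_username with the session under the attribute
 * name j_username for use by form login/error pages. If the includePassword
 * attribute is true, the j_password value is also included in the session
 * under the attribute name j_password. In addition, it maps any
 * authentication exception found in the SecurityAssociation to the session
 * attribute name j_exception.
 *
 * <p>Security notes for deployers and page authors:
 * <ul>
 * <li>The j_username stored in the session is the raw request parameter and
 * is written whether or not authentication succeeds. Pages that display it
 * must escape it for the output context.</li>
 * <li>With includePassword enabled, the submitted password is kept in the
 * session in clear text for as long as the attribute exists. Anything that
 * can read the session (and any session persistence or replication the
 * container is configured with) will see it. The option is off by default
 * and is best left off unless a page really needs the value.</li>
 * <li>The j_exception attribute holds the Throwable itself. Error pages
 * should show a generic failure message rather than the exception text.</li>
 * <li>Trace logging records the submitted username with line breaks
 * neutralised, and never records the session identifier.</li>
 * </ul>
 *
 * @author Scott.Stark@jboss.org
 * @version $Revision: 57206 $
 */
public class FormAuthValve extends ValveBase {
    private static final Logger log = Logger.getLogger(FormAuthValve.class);

    /** When true, j_password is copied into the session next to j_username. */
    private boolean includePassword;

    /**
     * @return true if the j_password request parameter is copied into the
     *         session
     */
    public boolean isIncludePassword() {
        return includePassword;
    }

    /**
     * Enables or disables copying of the j_password request parameter into
     * the session. Enabling it stores the clear-text password as a session
     * attribute.
     *
     * @param includePassword true to store j_password in the session
     */
    public void setIncludePassword(boolean includePassword) {
        this.includePassword = includePassword;
    }

    /**
     * Publishes the form-login parameters to an existing session, invokes the
     * next valve, then publishes the username again together with any
     * authentication exception reported by SecurityAssociationActions.
     *
     * <p>Nothing is written when the request has no session; this valve never
     * creates one (it only calls {@code getSession(false)}).
     *
     * @param request the request being processed
     * @param response the response being produced
     * @throws IOException if the next valve throws it
     * @throws ServletException if the next valve throws it
     */
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        // Evaluated per request so that a log level changed at runtime is
        // honoured; the level used to be cached once at class load.
        final boolean trace = log.isTraceEnabled();

        String username = request.getParameter("j_username");
        HttpSession session = request.getSession(false);
        if (trace) {
            log.trace("Enter, j_username=" + forLog(username));
        }
        if (session != null) {
            if (username != null) {
                session.setAttribute("j_username", username);
            }
            if (includePassword) {
                // SECURITY: clear-text credential stored as a session
                // attribute; only reached when explicitly enabled.
                String password = request.getParameter("j_password");
                if (password != null) {
                    session.setAttribute("j_password", password);
                }
            }
        }

        getNext().invoke(request, response);

        // The session is looked up again after the downstream valves ran;
        // presumably one may have been created or replaced while they
        // processed the login (not visible from this class).
        username = request.getParameter("j_username");
        session = request.getSession(false);
        if (session != null) {
            if (trace) {
                // The session id is a bearer credential: anyone who can read
                // the log could reuse it, so only its presence is recorded.
                log.trace("Session present after invoking the next valve");
            }
            if (username != null) {
                session.setAttribute("j_username", username);
            }
            // Check the SecurityAssociation context exception
            Throwable t = (Throwable) SecurityAssociationActions
                    .getAuthException();
            if (trace) {
                log.trace("SecurityAssociation.exception: " + t);
            }
            if (t != null) {
                session.setAttribute("j_exception", t);
            }
        }
        if (trace) {
            log.trace("Exit, username: " + forLog(username));
        }
    }

    /**
     * Replaces carriage returns and line feeds in a request-supplied value so
     * that it cannot start a forged entry in the log.
     *
     * @param value the untrusted value, may be null
     * @return the value with CR and LF replaced by '_', or null if value is
     *         null
     */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}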